Package: tomcat6
Version: 6.0.24-2
Severity: normal
Tags: patch
User: ubuntu-devel at lists.ubuntu.com
Usertags: origin-ubuntu maverick ubuntu-patch
Using tomcat6 package version 6.0.24-2ubuntu, after editing /etc/default/tomcat6 to set TOMCAT6_SECURITY=yes, Tomcat breaks on startup with (in catalina.out):
Using CATALINA_BASE: /var/lib/tomcat6
Using CATALINA_HOME: /usr/share/tomcat6
Using CATALINA_TMPDIR: /tmp/tomcat6-tmp
Using JRE_HOME: /usr/lib/jvm/java-6-openjdk
Using CLASSPATH: /usr/share/tomcat6/bin/bootstrap.jar
Using Security Manager
Exception in thread "main" java.lang.ExceptionInInitializerError
at org.apache.juli.logging.LogFactory.getInstance(LogFactory.java:171)
at org.apache.juli.logging.LogFactory.getInstance(LogFactory.java:243)
at org.apache.juli.logging.LogFactory.getLog(LogFactory.java:298)
at org.apache.catalina.startup.Bootstrap.<clinit>(Bootstrap.java:55)
Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission java.util.logging.config.class read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:342)
at java.security.AccessController.checkPermission(AccessController.java:553)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1302)
at java.lang.System.getProperty(System.java:669)
at org.apache.juli.logging.DirectJDKLog.<clinit>(DirectJDKLog.java:43)
... 4 more
Could not find the main class: org.apache.catalina.startup.Bootstrap. Program will exit.
The problem is that -Djava.security.policy is being set twice, firstly in /etc/init.d/tomcat6 to $CATALINA_BASE/work/catalina.policy (correct), secondly in /usr/share/tomcat6/bin/catalina.sh to $CATALINA_BASE/conf/catalina.policy (an invalid path). Unfortunately the second takes precedence, and so no policy file is actually used.
To fix this, I suggest patching catalina.sh to change 'conf/catalina.policy' references to 'work/catalina.policy'. It would also be good to remove the explicit setting of -Djava.security.manager and -Djava.security.policy from the init.d script, since it is done anyway in the init script. I've attached two patches for this.
Originally reported in Ubuntu by Jeff Turner, and tracked at https://bugs.launchpad.net/ubuntu/+source/tomcat6/+bug/591802
*** /tmp/tmpgCS3jR
In Ubuntu, we've applied the attached patch to achieve the following:
* Fixing failure to start with security manager enable (Closes: LP: #591802)
Thanks to Jeff Turner for patches
We thought you might be interested in doing the same.
-- System Information:
Debian Release: squeeze/sid
APT prefers lucid-updates
APT policy: (500, 'lucid-updates'), (500, 'lucid-security'), (500, 'lucid')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-22-generic (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tmpeODczg
Type: text/x-diff
Size: 3905 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20100609/98f797ee/attachment.diff>